What Browser is the Most Secure for Online Browsing & Purchasing?

Clearly by my question, I am not the most technologically well rounded, but I hope you will still bare with me and share your personal take. I found an article about four years old talking about how Opera was the most secure web browser on ecommerce sites because it inherently trusts zero sites. However, Opera isn't supported by most sites anymore so I was looking for an updated take on this topic. Is there a particular web browser that is considered more "secure" than others?Or are there just ways to make any browser, regardless of which one, more secure?

They seem to take turns at it - same as they do for performance, compatibility to standards, etc. Mostly that's because they are constantly being worked on. Any answer you get now will change in a few months?.

As a long time user of Opera I find there are very few sites that
don't work in the latest version and to increase security one of the
most effective changes is to set your router to use OpenDNS servers
rather than your ISP's default. Then add in filtering such as Adblock
Plus and Ghostery ( a major infiltration route is malicious adverts
these days - sorry advertisers, but the bad guys have rained on your
parade big time !! )

Also remove Java - there's little of value on web sites and it's
really becoming an unacceptable risk these days ( plus the Windows
update is a pain of clicking and avoiding the optional extras that
come with it ). I've not had Java installed for a long time now and
don't miss it one jot.

BTW - it's always a good idea to have alternative browsers such as
Firefox or Chrome for those site that are fussy about a particular
browser.

My feeling is that you pick the browser that best meets your needs and
preferences. Make sure it is one that gets updated regularly and set it
to auto update. Trying to say who is the most secure is like the weather
in New England: "If you don't like it, wait a minute".

"Making your browser more secure" is the only real part you can effect,
that and your own behaviour. As has been already stated, the various
major browsers leap-frog each other over time in which is resistant to a
greater or fewer number of exploits. But to be honest the best way of
making your browser more secure is to not feed it dodgy links. Not to
run the programmatic content of the site (javascript generally, java
less so) until you have decided the site you are viewing is secure. Not
to trust your secure data (passwords, bank details) over the internet to
sites not running https. So my advice is to install the no-script and
other control plug-ins already listed.

1. do not let any browser you use "Remember Password"
2. do not let any webpage "Remember Me" when signing in
3. use Paypal for transactions when ever possible. I have had great response and customer service with Paypal. And no trouble whatsoever with them.
4. If you really do and need to do online shopping a lot, purchase a visa gift card. (not a prepaid card, there are fees with those) Then use it for purchases and even paying bills with them.

Hi
Please explain what exactly you mean by "secure". Is "trusting zero site" what you mean by "secure.
Nonetheless, I enjoy Mozilla Firefox anytime and my take on security is a good Firewall & AV.
Cheers.

Actually the Green Dot refillable credit cards are handy for safe online transactions. Also, I have had very good luck with using LastPass for cryptographically strong password generation and management.

I have had issues with some vendors using gift cards as there is no name and or address associated with gift cards.

I prefer Firefox for browsing and purchasing. Also always keep in mind to clear your browser history settings before logging of your computer after every online purchase. Please make it a habit or set your browser settings in such a way that it clears its history and web cache after each browser exit.

What are the takeaways (not just from this but more generally)?:
- all browsers are vulnerable, so pick the one you like the best
- when patches come out for them - install them ASAP
- use common sense when browsing (clicking on the dancing pigs won't win you a free iPhone)
- if you use Windows, install the free EMET tool from Microsoft. Its no silver bullet, but makes it significantly harder for exploits to work successfully, and buys you time until you can patch the vulnerability (it doesn't just protect IE, and should be used for any browser and app that interacts with untrustworthy content)

I have been testing it and it has handled even non-malicious weirdness gracefully. If it detects an issue, it shuts the app down. Keep in mind, though, EMET is a little different than a lot of apps.

If an AV program is like an alarm on your house, EMET is like having your own security guard. It is not intended to block given attacks, per se, but it is designed to leverage existing mitigations to prevent a potential issue from spreading. If you try it, remember that you have to select to protect any app you want covered by it (non-IE browser, for example, or your favorite non-MS email programs) manually. It ships with some default app coverage, like Java, IE, and Acrobat (if I remember correctly). Also, like a security guard, it does not work "out of the box" per se, but requires some time training.

I was in the online services business more than a decade before the Web
and its browsers hit. I know the back story: audience aggregators
(publishers) would absolutely not accept the idea that the medium was
social (yes, social media built our Delphi and CompuServe and Quantum
(AOL)) but the publishers insisted that it was about publishing, ie, I
write, you read, I talk, you listen, I broadcast, you watch. So fine,
that's what the browser was all about, a publishing medium.

But. It's really social. And transactional.

So now we have this outdoor advertising medium, a public billboard
called a browser, trying to be a bank teller window and a meeting room
in an office building and a classroom for middle schoolers. Good luck with that.

Abandon all hope ye who enter a browser with expectations of security.
It just isn't and it will never be. The assumptions behind browsers are
all outdoor assumptions.

>> It is not intended to block given attacks, per se, but it is designed to leverage existing mitigations

Not sure what you mean by this - it is designed to block given attacks. Some of the mitigations (like DEP, ASLR and SEHOP) will already be applied to apps built with a modern compiler (esp. 64-bit), but all of the other mitigations you only get if EMET is protecting the app when it starts (which you need to define which apps you want to protect)

5.0 tech preview has a cool new feature where you can prevent IE from loading a Java plug-in for a site in the Internet zone, but allow it for sites in the Intranet or Trusted zones - good news if you need to support Java for internal apps. Same goes for Flash, Reader and any other commonly targeted plug-ins. In fact you can prevent any app from loading any library or control that it doesn't need and that could introduce a vulnerability.

Interestingly, MS has dropped support for XP in 5.0 (but it is supported in 4.1). Sign of the times folks - time to leave XP behind...

Security is a process. For anonymity in the modern age use TOR. Firefox is useful after exploring the addons. Within Firefox I suggest eraser for deleting stored passwords. The Foxy Proxy addon is another way of protecting your location and you will have to monitor your cookies. True browser security may be impossible in the modern age unless you are willing to give up graphics. For real paranoia you will also need to use a secure operating system. To answer your question the most secure web browser experience I know about would be the Lynx browser on OpenBSD behind a properly configured TOR proxy.

I think its more a matter of how do you secure your browser of choice. Just because a browser is deemed more secure than others, it doesn't mean that the habits of the user will not affect the overall security posture. After all, if I handed someone a computer that had every security control on it, I'm pretty sure after their kid plays with it for 10 minutes, it's going to have some malware on it. It's inevitable.

The best thing you can do is pick a browser which supports add-ons, in my case I like Chrome and Firefox, and ensure that you have security plugins active which help reduce the risk of picking up unwanted traffic and risks awhile you go about your online business. Also, keeping your device secure through traditional security addons like A/V, endpoint etc will help with identifying anything that slipped through. Sadly, it's up to you to manage the overall security of your device, not just the browser.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.